MID Server | FileNotFoundException (Access is denied) when adding a certificate to the MID Server Unified Key Store

Issue

When adding a custom certificate to the MID Server's Unified Key Store using the manage-certificates.bat or manage-certificates.sh packaged MID Server scripts, you receive an ERROR message that the KeystoreInstallAPI 'Could not install custom certificate', caused by a FileNotFoundException with (Access is denied).

Symptoms

The custom certificate files are located in the directory indicated in the manage-certificates.bat/sh command that was run.
There are no security rules in place that would deny access to the certificate files.
The Error and Exception include a Stack Trace like the example below:

PS C:\ServiceNow\MIDServer\agent\bin > scripts\manage-certificates.bat -a mycustomcert C:\Documents\CustomCertificates
2025-10-24T16:31:52.032-0700 INFO (main) [XmlLocalConfigParameterStore:301] Loaded configuration file: C:\ServiceNow\MIDServer\agent\congig.xml
2025-10-24T16:31:52.072-0700 INFO (main) [KeyPairsProviderFactory:57] Loaded credentials provider: com.service_now.mid.keypairs.provider.standard.StandardKeyPairsProvider
2025-10-24T16:31:52.094-0700 ERROR (main) [KeystoreInstallAPI:552] Could not install custom certificate
java.io.FileNotFoundException: C:\Documents\CustomCertificates (Access is denied)
    at java.base/java.io.FileInputStream.open0(Native Method)
    at java.base/java.io.FileInputStream.open(FileInputStream.java:216)
    at java.base/java.io.FileInputStream.<init>(FileInputStream.java:157)
    at java.base/java.io.FileInputStream.<init>(FileInputStream.java:111)

Facts

The manage-certificates scripts use the MID Server's KeystoreInstallAPI to install the custom certificate to the unified keystore.
The KeystoreInstallAPI uses java.io.FileReader to read the custom certificate file that's going to be installed.
java.io.FileReader will throw a FileNotFoundException if the named file does not exist, is a directory rather than a regular file, or for some other reason cannot be opened for reading.
In ServiceNow's documentation "Install the .pem file in the MID unified keystore and set up the MID Web Server", the procedure to run the manage-certificates script shows that the last parameter is the full path to the custom certificate file that's going to be installed.

Release

Any Release

Cause

The most common cause is that the directory that the custom certificate files are located in has been used in the
manage-certificates.bat/sh command instead of the full path to the certificate file itself.

• In the above example, the certificate file mid.pem is located in the C:\Documents\CustomCertificates directory.
• In the command that was run, the path to the CustomCertificates directory was entered as the full path to the certificate file.
  manage-certificates.bat -a mycustomcert C:\Documents\CustomCertificates
• Because CustomCertificates is a directory and not an actual file, java.io.FileReader throws the FileNotFoundException.
• Per ServiceNow Documentation, manage-certificates.bat/sh is expected to be run with the full path to the certificate file, as in the example below.
  manage-certificates.bat -a mycustomcert C:\Documents\CustomCertificates\mid.pem

Resolution

Enter the full path to the certificate file when installing a custom certificate with the manage-certificates.bat or manage-certificates.sh scripts.
Windows: manage-certificates.bat -a midwss \<path>\mid.pem
Unix/Linux: manage-certificates.sh -a midwss /<path>/mid.pem

Related Links

ServiceNow Documentation
Install the PEM file in the central MID key store and set up the MID web server
https://www.servicenow.com/docs/csh?topicname=set-mid-web-server.html&version=latest
MID Server Unified Keystore
https://www.servicenow.com/docs/csh?topicname=mid-unified-keystore.html&version=latest
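
The Cause section turns on whether the last argument names a directory or the certificate file itself. The pre-flight check below for manage-certificates.sh is an added example, not ServiceNow code; the function names classify_cert_path, suggest_cert_files and preflight are hypothetical, and the mid.pem sample is constructed.

```shell
#!/bin/sh
# Added example (not ServiceNow code): validate the path argument before
# passing it to manage-certificates.sh. Function names are hypothetical.

# Prints: missing | directory | not-regular | unreadable | not-pem | ok
# Returns 0 only for "ok".
classify_cert_path() {
    if [ ! -e "$1" ]; then echo missing; return 1; fi
    if [ -d "$1" ]; then echo directory; return 1; fi
    if [ ! -f "$1" ]; then echo not-regular; return 1; fi
    if [ ! -r "$1" ]; then echo unreadable; return 1; fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo not-pem; return 1
    fi
    echo ok
}

# When the argument is a directory, list the PEM certificate files inside
# it that were probably meant instead.
suggest_cert_files() {
    for f in "$1"/*; do
        [ -f "$f" ] && [ "$(classify_cert_path "$f")" = ok ] && echo "$f"
    done
    return 0
}

# Explain the result in terms of the error described on this page.
preflight() {
    state=$(classify_cert_path "$1") || true
    case $state in
        ok) echo "OK: $1 is a readable PEM certificate file" ;;
        directory)
            echo "FAIL: $1 is a directory; pass the certificate file itself:"
            suggest_cert_files "$1" | sed 's/^/  /' ;;
        *) echo "FAIL: $1 is $state" ;;
    esac
    [ "$state" = ok ]
}

# Constructed sample: a directory holding mid.pem with a placeholder body.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo_dir/mid.pem"
echo "not a certificate" > "$demo_dir/notes.txt"
preflight "$demo_dir" || true      # the mistake described under Cause
preflight "$demo_dir/mid.pem"      # the corrected invocation
rm -rf "$demo_dir"
```

The BEGIN CERTIFICATE check only confirms the file looks like a PEM certificate; it does not validate the certificate itself.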